Who’s safeguarding your company data?
A Nightmare on Elm Street, The Shining and countless other horror classics give us a scare at this time of year. But for many businesses in 2019, it’s GDPR that still sends a shiver down the spine. The biggest proposed fine in the GDPR era so far goes to British Airways. It may have to pay £183.39m for failing to prevent a fraudulent attack on their computer systems which affected 500,000 customers.
These new regulations have more teeth than Jaws. So how is your data being safeguarded?
While IT and legal considerations may be front of mind, HR will play an important role too.
Training is one such area where HR can take a lead. Almost 18 months after GDPR came into force, are you sure your staff know how to keep data safe? While some individuals will have specific responsibilities, all staff will have general obligations for keeping data safe. Train them up, and ask us about easy-to-implement eLearning for GDPR. It should be standard for all employee inductions.
One area in your remit is managing the process of remote working. Whether your company treats it as a flexible working perk, or you have some staff who just feel the need to take work away, it could be exposing you to serious risk if not managed correctly.
Emailing work out to personal devices or email accounts is a no-no. This could bypass many of your IT security procedures, putting you at risk of a virus or hack. Even worse would be emailing company personal data to a home email address. The moment this happens you are no longer in control of that information.
It’s essential your staff know the risks and follow good practice when working remotely. Why not work with your IT people to develop appropriate policies?
We’ve assumed an accidental breach so far. Less common, but still something to be mindful of, is malicious behaviour by an employee, stealing data for example. Here, good vetting during recruitment will help. And don’t hesitate to revoke access to sensitive data if you learn they are leaving and have concerns.
Don’t forget! By default when you manage staff, you’ll be in charge of personal data too – that of your employees. So ensure you treat it as such. If you don’t use it already, ask us about HR Dept Toolkit – our secure HR software that simplifies the way you manage
Is vegetarianism protected under equality law?
Which one of these has been rejected as a philosophical belief under equality law? A. Climate change; anti-fox hunting and anti-hare coursing B. Vegetarianism or C. Scottish independence. If you chose option B, vegetarianism, you would be correct.
The others are judged to be within the definition of philosophical belief and are thus protected from discrimination. The term “philosophical belief” is broad so it is often tested in court. There are several criteria which judges consider, including that there must be a certain level of cogency, seriousness, cohesion and importance. The vegetarian case lost because people choose to be vegetarian for differing reasons.
It’s worth noting that both vegetarianism and veganism are growing in popularity. It may be beneficial to consider this when providing catering for work-related meetings, and to rein in so-called “office banter” on the subject.
For the record
What would you feel like if one of your team covertly recorded you? Indignant? Angry? Reaching for the P45? A case at the Employment Appeal Tribunal (EAT) shines a light on the issue.
It concerned an employee who felt a departmental restructure was biased against her. She interrupted a meeting and refused to leave, demanding to know the points of discussion. When she was called into an HR meeting later to be informed she was being disciplined for this behaviour, she covertly recorded the conversation.
An attempt at mediation and then sickness absence followed, before the employee was summarily dismissed. A breakdown in the working relationship was cited as the reason.
Both an employment tribunal and the EAT found the dismissal to be unfair. During the hearings the existence of the secret recording became apparent. The employer claimed entrapment, and said they would have sacked her for gross misconduct had they been aware of the recording. They argued compensation should be reduced to nothing.
However, the EAT did not accept this. They found that the employee was not motivated by malice, but simply wished to keep accurate records when feeling extremely stressed. It went on to provide guidance on how tribunals should treat the admissibility of secretly recorded employee evidence. In particular, to consider the motivation of the employee and the blameworthiness of the employer in a given situation.
We’d advise reviewing your disciplinary and grievance policies to either include covert recording as an example of gross misconduct, or permit declared recording provided those being recorded give their consent. This will strengthen your hand when dealing with a case of covert recording. But as per the EAT guidance, be mindful that in some circumstances, it may still be admissible evidence.
Protecting your have-a-go heroes
Is it a bird? Is it a plane? Is it Superman? No, it’s your employee diving down a manhole to retrieve a customer’s iPhone. Or smashing into an out-of-control airport catering truck with a pushback tractor just before it writes off a multimillion-pound jet.
Generally it’s great when you have your very own superhero on your team. Someone who goes above and beyond to satisfy a customer or prevent disaster. But it’s essential that your staff understand health and safety rules to take care of themselves and others.
The above examples really happened in America, with the airport worker even receiving a pat-on-the-back Tweet from President Trump. It was a fast-food worker who rescued the phone, and he cut his hand and muddied his clothes doing so, although he was still smiling. High risk jobs should always have the correct safety measures in place. And for those unexpected scenarios, ensure your staff know to consider their own safety before diving in.
Is your office dressing up for Halloween?
Some fancy-dress costumes inspired by real life characters are too offensive to publish here. Yet, a quick search online will tell you that yes, some people will actually go there!
Others may be tempted to show too much flesh, or turn themselves into a trip or fire hazard. And worst of all, some people may not wish to engage in the fun at all!
A bit of dressing up at Halloween can be great for your office culture. But do set boundaries about what’s appropriate. Or you may find yourself getting a Halloween shock you were not expecting. As well as taste, health and safety, and letting people know it is OK to opt out, consider what effect dressing up will have on your company image if you’ll be hosting visitors, and plan accordingly.
Brexit for business
Apologies, as you’re probably sick to death of the B-word, but we do want you to be prepared for Brexit. Check out these government guides to help you identify what actions you need to take regarding your staff. There’s an interactive calculator, a PDF guide you can share with employees affected by change, and drivers’ guidance. In risk management it’s often said that “there are things we know, things we don’t know and things we don’t know that we don’t know”. The sentiment is bound to be true of Brexit. So ensure you’ve developed a risk assessment and contingency plan for managing your workforce during this period of uncertainty.